{"payload":{"feedbackUrl":"https://github.com/orgs/community/discussions/53140","repo":{"id":18206372,"defaultBranch":"dnf-4-master","name":"libdnf","ownerLogin":"rpm-software-management","currentUserCanPush":false,"isFork":false,"isEmpty":false,"createdAt":"2014-03-28T09:00:31.000Z","ownerAvatar":"https://avatars.githubusercontent.com/u/8504469?v=4","public":true,"private":false,"isOrgOwned":true},"refInfo":{"name":"","listCacheKey":"v0:1718963758.0","currentOid":""},"activityList":{"items":[{"before":"5449211cd69b7cc700a5a94084e6dee6f0c791b0","after":"a6d89d66698f75c01539cd03c04a87ab52b6db7c","ref":"refs/heads/dnf-4-master","pushedAt":"2024-07-02T14:01:40.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"ppisar","name":"Petr Pisar","path":"/ppisar","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1064942?s=80&v=4"},"commit":{"message":"Set pool flag to fix pool_addfileprovides_queue() without filelists.xml\n\nSince dnf4 now also conditionally load filelists it ran into the same\nproblem as dnf5 here: https://github.com/rpm-software-management/dnf5/issues/520\n\nAdditional details in: https://github.com/openSUSE/libsolv/pull/531","shortMessageHtmlLink":"Set pool flag to fix pool_addfileprovides_queue() without filelists.xml"}},{"before":"86bbb159732e43dd6dff98c96e99382843f7c63b","after":"5449211cd69b7cc700a5a94084e6dee6f0c791b0","ref":"refs/heads/dnf-4-master","pushedAt":"2024-06-27T20:03:14.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"evan-goode","name":"Evan Goode","path":"/evan-goode","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/7495216?s=80&v=4"},"commit":{"message":"Support colon in username, use LRO_USERNAME and LRO_PASSWORD\n\nRequires librepo version >= 1.18.0","shortMessageHtmlLink":"Support colon in username, use LRO_USERNAME and LRO_PASSWORD"}},{"before":"5a838d7b7cafb0780188f50e5ffa314b9f1075c8","after":null,"ref":"refs/heads/jkolarik/rhel-8.10-fix-selinux-labelling-vfs","pushedAt":"2024-06-24T14:09:03.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"ppisar","name":"Petr Pisar","path":"/ppisar","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1064942?s=80&v=4"}},{"before":"8752006f5f9c11bca3f04c99b463fd167caf0ddd","after":"8eac75556d0f53f3ba6cd12d2545bc8dbebb11f4","ref":"refs/heads/rhel-8.10","pushedAt":"2024-06-24T14:09:03.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"ppisar","name":"Petr Pisar","path":"/ppisar","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1064942?s=80&v=4"},"commit":{"message":"repo: Don't try to perform labeling if SELinux is disabled\n\nThe default for container execution is that `/sys/fs/selinux`\nis not mounted, and the libselinux library function `is_selinux_enabled`\nshould be used to dynamically check if the system should attempt to perform SELinux labeling.\n\nThis is how it's done by rpm, ostree, and systemd for example.\n\nBut this code unconditionally tries to label if it finds a policy,\nwhich breaks in an obscure corner case\nwhen executed inside a container that includes policy files (e.g.\nfedora/rhel-bootc) but when we're not using overlayfs for the backend\n(with BUILDAH_BACKEND=vfs).","shortMessageHtmlLink":"repo: Don't try to perform labeling if SELinux is disabled"}},{"before":"873583e7c26d39505dfdff6944868c1e5ff33d24","after":null,"ref":"refs/heads/jkolarik/rhel-9.4-fix-selinux-labelling-vfs","pushedAt":"2024-06-21T09:55:58.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"ppisar","name":"Petr Pisar","path":"/ppisar","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1064942?s=80&v=4"}},{"before":"7529d06dbe7ac4c1cb41a4fb8e32e3b96be72075","after":"a0a32b4c2e2a03ff6ffcb6b7285905ec50892798","ref":"refs/heads/rhel-9.4","pushedAt":"2024-06-21T09:55:57.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"ppisar","name":"Petr Pisar","path":"/ppisar","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1064942?s=80&v=4"},"commit":{"message":"repo: Don't try to perform labeling if SELinux is disabled\n\nThe default for container execution is that `/sys/fs/selinux`\nis not mounted, and the libselinux library function `is_selinux_enabled`\nshould be used to dynamically check if the system should attempt to perform SELinux labeling.\n\nThis is how it's done by rpm, ostree, and systemd for example.\n\nBut this code unconditionally tries to label if it finds a policy,\nwhich breaks in an obscure corner case\nwhen executed inside a container that includes policy files (e.g.\nfedora/rhel-bootc) but when we're not using overlayfs for the backend\n(with BUILDAH_BACKEND=vfs).","shortMessageHtmlLink":"repo: Don't try to perform labeling if SELinux is disabled"}},{"before":null,"after":"5a838d7b7cafb0780188f50e5ffa314b9f1075c8","ref":"refs/heads/jkolarik/rhel-8.10-fix-selinux-labelling-vfs","pushedAt":"2024-06-19T11:33:04.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"jan-kolarik","name":"kolage","path":"/jan-kolarik","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/110612307?s=80&v=4"},"commit":{"message":"repo: Don't try to perform labeling if SELinux is disabled\n\nThe default for container execution is that `/sys/fs/selinux`\nis not mounted, and the libselinux library function `is_selinux_enabled`\nshould be used to dynamically check if the system should attempt to perform SELinux labeling.\n\nThis is how it's done by rpm, ostree, and systemd for example.\n\nBut this code unconditionally tries to label if it finds a policy,\nwhich breaks in an obscure corner case\nwhen executed inside a container that includes policy files (e.g.\nfedora/rhel-bootc) but when we're not using overlayfs for the backend\n(with BUILDAH_BACKEND=vfs).","shortMessageHtmlLink":"repo: Don't try to perform labeling if SELinux is disabled"}},{"before":null,"after":"873583e7c26d39505dfdff6944868c1e5ff33d24","ref":"refs/heads/jkolarik/rhel-9.4-fix-selinux-labelling-vfs","pushedAt":"2024-06-19T11:32:22.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"jan-kolarik","name":"kolage","path":"/jan-kolarik","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/110612307?s=80&v=4"},"commit":{"message":"repo: Don't try to perform labeling if SELinux is disabled\n\nThe default for container execution is that `/sys/fs/selinux`\nis not mounted, and the libselinux library function `is_selinux_enabled`\nshould be used to dynamically check if the system should attempt to perform SELinux labeling.\n\nThis is how it's done by rpm, ostree, and systemd for example.\n\nBut this code unconditionally tries to label if it finds a policy,\nwhich breaks in an obscure corner case\nwhen executed inside a container that includes policy files (e.g.\nfedora/rhel-bootc) but when we're not using overlayfs for the backend\n(with BUILDAH_BACKEND=vfs).","shortMessageHtmlLink":"repo: Don't try to perform labeling if SELinux is disabled"}},{"before":"7a3d4ed40276d2667cf48f83672ef1f142a8f0a7","after":"d264065ec0d574b70bf376d5ee3777d7cc03030f","ref":"refs/heads/rhel-9.5","pushedAt":"2024-06-19T11:29:29.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"jan-kolarik","name":"kolage","path":"/jan-kolarik","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/110612307?s=80&v=4"},"commit":{"message":"repo: Don't try to perform labeling if SELinux is disabled\n\nThe default for container execution is that `/sys/fs/selinux`\nis not mounted, and the libselinux library function `is_selinux_enabled`\nshould be used to dynamically check if the system should attempt to perform SELinux labeling.\n\nThis is how it's done by rpm, ostree, and systemd for example.\n\nBut this code unconditionally tries to label if it finds a policy,\nwhich breaks in an obscure corner case\nwhen executed inside a container that includes policy files (e.g.\nfedora/rhel-bootc) but when we're not using overlayfs for the backend\n(with BUILDAH_BACKEND=vfs).","shortMessageHtmlLink":"repo: Don't try to perform labeling if SELinux is disabled"}},{"before":"cc95edd15b8a4fc4c381c85735e2f14a1dc0852e","after":"86bbb159732e43dd6dff98c96e99382843f7c63b","ref":"refs/heads/dnf-4-master","pushedAt":"2024-06-18T19:57:37.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"evan-goode","name":"Evan Goode","path":"/evan-goode","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/7495216?s=80&v=4"},"commit":{"message":"Release 0.73.2","shortMessageHtmlLink":"Release 0.73.2"}},{"before":"bc371683ab69d51127952b037bde209a56e44105","after":"cc95edd15b8a4fc4c381c85735e2f14a1dc0852e","ref":"refs/heads/dnf-4-master","pushedAt":"2024-06-06T07:31:42.000Z","pushType":"pr_merge","commitsCount":2,"pusher":{"login":"jan-kolarik","name":"kolage","path":"/jan-kolarik","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/110612307?s=80&v=4"},"commit":{"message":"Fix countme bucket calculation\n\nActually use the system's installation time (if known) as the reference\npoint, instead of the first-ever countme event recorded for the given\nrepo.\n\nThis is what the dnf.conf(5) man page always said about the countme\noption, the code just never lived up to that.\n\nThis makes bucket calculation more accurate:\n\n1. System upgrades will no longer reset the bucket to 1 (this used to be\n   the case due to a new persistdir being created whenever $releasever\n   changed).\n\n2. Systems that only reach out to the repos after an initial time period\n   after being installed will no longer appear younger than they really\n   are.\n\n3. Prebuilt OS images that happen to include countme cookies created at\n   build time will no longer cause all the instances spawned from those\n   images (physical machines, VMs or containers) to appear older than\n   they really are.\n\nUse the machine-id(5) file's mtime to infer the installation time.  This\nfile is semantically tied to the system's lifetime since it's typically\npopulated at installation time or during the first boot by an installer\ntool or init system, respectively, and remains unchanged.\n\nThe fact that it's a well-defined file with clear semantics ensures that\nOS images won't accidentally include a prepopulated version of this file\nwith a timestamp corresponding to the image build, unlike our own cookie\nfiles (see point 3 above).\n\nIn some cases, such as in OCI containers without an init system running,\nthe machine-id file may be missing or empty, even though the system is\nstill used long-term.  To cover those, keep the original, relative epoch\nas a fallback method.  System upgrades aren't really a thing for such\nsystems so the above point 1 doesn't apply here.\n\nSome containers, such as those created by toolbox(1), may also choose to\nbind-mount the host's machine-id file, thus falling into the same bucket\nas their host.  Conveniently, that's what we want, since the purpose of\nsuch containers is to blend with the host as much as possible.\n\nFixes: #1611","shortMessageHtmlLink":"Fix countme bucket calculation"}},{"before":"020aab89fd015d8303b0e8f3f84e126dcdd4d4f4","after":"7a3d4ed40276d2667cf48f83672ef1f142a8f0a7","ref":"refs/heads/rhel-9.5","pushedAt":"2024-05-20T05:11:29.000Z","pushType":"pr_merge","commitsCount":2,"pusher":{"login":"kontura","name":"amatej","path":"/kontura","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/16435876?s=80&v=4"},"commit":{"message":"Since we use rpmtsAddReinstallElement rpm also uninstalls the package\n\nUpstream commit: bc371683ab69d51127952b037bde209a56e44105\n\nIt calls callbacks for `RPMCALLBACK_INST_START` and\n`RPMCALLBACK_INST_PROGRESS` just like before when the reinstall was done\nthrough regural install (rpmtsAddInstallElement) but in addition it also\ncalls `RPMCALLBACK_UNINST_START` and `RPMCALLBACK_UNINST_PROGRESS`. To\nensure they find the `DnfPackage` add it to `remove_helper` array.\n\nUnfortunaly this means that the reinstall action is reported twice to\nthe clients (one install and one uninstall). We could try to hide one of\nthe them but I think a better solution is to report what is actually\nhappening and report one install and one uninstall.\n\nThis is for the context part of libdnf (microdnf, packagekit, ...)\n\nFixes: https://github.com/rpm-software-management/libdnf/issues/1653\nResolves: https://issues.redhat.com/browse/RHEL-1454","shortMessageHtmlLink":"Since we use rpmtsAddReinstallElement rpm also uninstalls the package"}},{"before":"18f49a49be14f80233613710e84dda47c5958252","after":"bc371683ab69d51127952b037bde209a56e44105","ref":"refs/heads/dnf-4-master","pushedAt":"2024-05-15T07:28:49.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"jan-kolarik","name":"kolage","path":"/jan-kolarik","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/110612307?s=80&v=4"},"commit":{"message":"Since we use rpmtsAddReinstallElement rpm also uninstalls the package\n\nIt calls callbacks for `RPMCALLBACK_INST_START` and\n`RPMCALLBACK_INST_PROGRESS` just like before when the reinstall was done\nthrough regural install (rpmtsAddInstallElement) but in addition it also\ncalls `RPMCALLBACK_UNINST_START` and `RPMCALLBACK_UNINST_PROGRESS`. To\nensure they find the `DnfPackage` add it to `remove_helper` array.\n\nUnfortunaly this means that the reinstall action is reported twice to\nthe clients (one install and one uninstall). We could try to hide one of\nthe them but I think a better solution is to report what is actually\nhappening and report one install and one uninstall.\n\nThis is for the context part of libdnf (microdnf, packagekit, ...)\n\nFixes: https://github.com/rpm-software-management/libdnf/issues/1653","shortMessageHtmlLink":"Since we use rpmtsAddReinstallElement rpm also uninstalls the package"}},{"before":"90d2ffad964a91a7a798b81e15c16eb1e840f257","after":"18f49a49be14f80233613710e84dda47c5958252","ref":"refs/heads/dnf-4-master","pushedAt":"2024-05-10T10:16:03.000Z","pushType":"pr_merge","commitsCount":2,"pusher":{"login":"kontura","name":"amatej","path":"/kontura","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/16435876?s=80&v=4"},"commit":{"message":"Add tests for shell-style variable expansion","shortMessageHtmlLink":"Add tests for shell-style variable expansion"}},{"before":"74150bafa1ffb8527e8eef7507da50562bcb9983","after":"020aab89fd015d8303b0e8f3f84e126dcdd4d4f4","ref":"refs/heads/rhel-9.5","pushedAt":"2024-04-25T10:39:05.000Z","pushType":"pr_merge","commitsCount":2,"pusher":{"login":"jan-kolarik","name":"kolage","path":"/jan-kolarik","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/110612307?s=80&v=4"},"commit":{"message":"MergedTransaction: Fix invalid memory access when dropping items\n\nUpstream commit: 90d2ffad964a91a7a798b81e15c16eb1e840f257\n\nWhen an item is dropped from the merged transaction, the `ItemPair` reference becomes invalid and should no longer be used.\n\nResolves: https://issues.redhat.com/browse/RHEL-17494","shortMessageHtmlLink":"MergedTransaction: Fix invalid memory access when dropping items"}},{"before":"bea285c9ad51d3347c77d61326fdcb608d6a08cf","after":null,"ref":"refs/heads/jkolarik/fix-merge-transaction-on-item-erase","pushedAt":"2024-04-24T12:50:35.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"jrohel","name":"Jaroslav Rohel","path":"/jrohel","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/10756662?s=80&v=4"}},{"before":"85432dfd048912083897ab687488087038a9ac96","after":"90d2ffad964a91a7a798b81e15c16eb1e840f257","ref":"refs/heads/dnf-4-master","pushedAt":"2024-04-24T12:50:35.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"jrohel","name":"Jaroslav Rohel","path":"/jrohel","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/10756662?s=80&v=4"},"commit":{"message":"MergedTransaction: Fix invalid memory access when dropping items\n\nWhen an item is dropped from the merged transaction, the `ItemPair` reference becomes invalid and should no longer be used.","shortMessageHtmlLink":"MergedTransaction: Fix invalid memory access when dropping items"}},{"before":"9a345da1337c6bd8393e7b8ae54f1b910b857f8c","after":"bea285c9ad51d3347c77d61326fdcb608d6a08cf","ref":"refs/heads/jkolarik/fix-merge-transaction-on-item-erase","pushedAt":"2024-04-24T12:02:24.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"jan-kolarik","name":"kolage","path":"/jan-kolarik","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/110612307?s=80&v=4"},"commit":{"message":"MergedTransaction: Fix invalid memory access when dropping items\n\nWhen an item is dropped from the merged transaction, the `ItemPair` reference becomes invalid and should no longer be used.","shortMessageHtmlLink":"MergedTransaction: Fix invalid memory access when dropping items"}},{"before":null,"after":"9a345da1337c6bd8393e7b8ae54f1b910b857f8c","ref":"refs/heads/jkolarik/fix-merge-transaction-on-item-erase","pushedAt":"2024-04-23T14:11:23.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"jan-kolarik","name":"kolage","path":"/jan-kolarik","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/110612307?s=80&v=4"},"commit":{"message":"MergedTransaction: Fix invalid memory access when dropping items\n\nWhen an item is dropped from the merged transaction, the `ItemPair` reference becomes invalid and should no longer be used.","shortMessageHtmlLink":"MergedTransaction: Fix invalid memory access when dropping items"}},{"before":"c91ed331cc9ea6512a7aaad918db1be9bc6d4f69","after":"74150bafa1ffb8527e8eef7507da50562bcb9983","ref":"refs/heads/rhel-9.5","pushedAt":"2024-04-18T10:53:54.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"inknos","name":"Nicola Sella","path":"/inknos","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/20848455?s=80&v=4"},"commit":{"message":"Add virtual destructor to TransactionItem\n\nUpstream commit: e4e90777f789fc45e002b4c0385c0565a76be946\nResolves: https://issues.redhat.com/browse/RHEL-26240","shortMessageHtmlLink":"Add virtual destructor to TransactionItem"}},{"before":"3c5641a9c7c416e387a54eaf7dad7c33db52b0ec","after":"c91ed331cc9ea6512a7aaad918db1be9bc6d4f69","ref":"refs/heads/rhel-9.5","pushedAt":"2024-04-18T09:14:48.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"m-blaha","name":"Marek Blaha","path":"/m-blaha","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/335612?s=80&v=4"},"commit":{"message":"subject-py: Fix memory leak\n\nUpstream commit: fd284bda6f7430b2e939f95c6836c972e22a2eb4\n\nPosible memory leak was detected in get_best_solution() method.\n\nResolves: https://issues.redhat.com/browse/RHEL-26226","shortMessageHtmlLink":"subject-py: Fix memory leak"}},{"before":"7529d06dbe7ac4c1cb41a4fb8e32e3b96be72075","after":"3c5641a9c7c416e387a54eaf7dad7c33db52b0ec","ref":"refs/heads/rhel-9.5","pushedAt":"2024-04-18T08:29:39.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"j-mracek","name":"Jaroslav Mracek","path":"/j-mracek","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/12737303?s=80&v=4"},"commit":{"message":"Replace assert by map_grow\n\nUpstream commit: ef8ac7fcedea1ec87dd3149ce1abdf8daeee25b9\n\nIt will make code prepared for situation when number of solvables\nis increased after query is created and applied.\n\nThe issue can be easilly triggered by adding remote RPMs therefore\nthe patch fixes a standard situation\n\nResolves: https://issues.redhat.com/browse/RHEL-27657","shortMessageHtmlLink":"Replace assert by map_grow"}},{"before":"0120e70747dcf05e716792e2e846c62eccd44319","after":"85432dfd048912083897ab687488087038a9ac96","ref":"refs/heads/dnf-4-master","pushedAt":"2024-04-12T10:58:08.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"jan-kolarik","name":"kolage","path":"/jan-kolarik","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/110612307?s=80&v=4"},"commit":{"message":"context: use `rpmtsAddReinstallElement()` when doing a reinstall\n\n`rpmtsAddInstallElement()` doesn't work for all reinstall cases, such as\nwhen a package `Provides` and `Conflicts` with the same capability.\n\nFixes: https://github.com/rpm-software-management/microdnf/issues/137","shortMessageHtmlLink":"context: use <code>rpmtsAddReinstallElement()</code> when doing a reinstall"}},{"before":"e4e90777f789fc45e002b4c0385c0565a76be946","after":"0120e70747dcf05e716792e2e846c62eccd44319","ref":"refs/heads/dnf-4-master","pushedAt":"2024-03-28T17:46:54.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"evan-goode","name":"Evan Goode","path":"/evan-goode","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/7495216?s=80&v=4"},"commit":{"message":"Release 0.73.1","shortMessageHtmlLink":"Release 0.73.1"}},{"before":"fd284bda6f7430b2e939f95c6836c972e22a2eb4","after":"e4e90777f789fc45e002b4c0385c0565a76be946","ref":"refs/heads/dnf-4-master","pushedAt":"2024-03-28T07:45:29.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"jan-kolarik","name":"kolage","path":"/jan-kolarik","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/110612307?s=80&v=4"},"commit":{"message":"Add virtual destructor to TransactionItem","shortMessageHtmlLink":"Add virtual destructor to TransactionItem"}},{"before":"61f0dc08b72d13db223d851d17b162b15f4a9218","after":null,"ref":"refs/heads/mblaha/subject-leak","pushedAt":"2024-03-27T09:43:24.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"jan-kolarik","name":"kolage","path":"/jan-kolarik","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/110612307?s=80&v=4"}},{"before":"f2399acf3acf0daef7a8cee6bae28993af3f2a02","after":"fd284bda6f7430b2e939f95c6836c972e22a2eb4","ref":"refs/heads/dnf-4-master","pushedAt":"2024-03-27T09:43:23.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"jan-kolarik","name":"kolage","path":"/jan-kolarik","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/110612307?s=80&v=4"},"commit":{"message":"subject-py: Fix memory leak\n\nPosible memory leak was detected in get_best_solution() method.","shortMessageHtmlLink":"subject-py: Fix memory leak"}},{"before":null,"after":"61f0dc08b72d13db223d851d17b162b15f4a9218","ref":"refs/heads/mblaha/subject-leak","pushedAt":"2024-03-26T13:16:54.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"m-blaha","name":"Marek Blaha","path":"/m-blaha","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/335612?s=80&v=4"},"commit":{"message":"subject-py: Fix memory leak\n\nPosible memory leak was detected in get_best_solution() method.","shortMessageHtmlLink":"subject-py: Fix memory leak"}},{"before":null,"after":"7529d06dbe7ac4c1cb41a4fb8e32e3b96be72075","ref":"refs/heads/rhel-9.5","pushedAt":"2024-03-21T15:40:42.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"ppisar","name":"Petr Pisar","path":"/ppisar","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/1064942?s=80&v=4"},"commit":{"message":"PGP: Set a default creation SELinux labels on GnuPG directories\n\nlibdnf used to precreate the directory in /run/user to make sure\na GnuPG agent executed by GPGME library places its socket there.\n\nThe directories there are normally created and removed by systemd\n(logind PAM session). libdnf created them for a case when a package\nmanager is invoked out of systemd session, before the super user logs\nin. E.g. by a timer job to cache repository metadata.\n\nA problem was when this out-of-session process was a SELinux-confined\nprocess creating files with its own SELinux label different from a DNF\nprogram. Then the directory was created with a SELinux label different\nfrom the one expected by systemd and when logging out a corresponding\nuser, the mismatching label clashed with systemd.\n\nThe same issue was with temporary GnuPG home directories created by\nlibdnf under /tmp.\n\nThis patch fixes both the isseus by restoring a SELinux label of those\ndirectories to the label defined in a default SELinux file context\ndatabase.\n\nObviously the database cannot have a record for a nonspecific\n/tmp/tmpdir.XXXXXX (a mkdtemp() template) directory names. Therefore\nI changed their names to more specific /tmp/libdnf.XXXXXX. Once\na SELinux policy updates the database, directories under /tmp will get\na correct label.\n\nThere is yet another problem with accessing /var/cache/dnf/*/pubring,\nbut that seems to be pure SELinux policy problem.\n\nThis patch adds a new -DENABLE_SELINUX=OFF CMake option to disable the\nnew dependency on libselinux. A default behavior is to support SELinux.\n\nImplementation details:\n\nI used selabel_lookup() + setfscreatecon() + mkdtemp()\n+ setfscreatecon() sequence instead of mkdtemp()\n+ selinux_restorecon() sequence because the later polutes stderr if\na SELinux policy does not define the default context. One could\nsupress stderr messages with selinux_set_callback(), but its effect\ncannot be restored.\n\nI also kept the sequence in one function and reused it for creating\n/run/user/$PID directories because the code is simpler than spliting\nthe function into three parts.\n\nhttps://issues.redhat.com/browse/RHEL-6421","shortMessageHtmlLink":"PGP: Set a default creation SELinux labels on GnuPG directories"}},{"before":"54823d82a1369c25ba1a68c18ea2a67c41f4fbe7","after":"f2399acf3acf0daef7a8cee6bae28993af3f2a02","ref":"refs/heads/dnf-4-master","pushedAt":"2024-03-18T10:23:18.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"jan-kolarik","name":"kolage","path":"/jan-kolarik","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/110612307?s=80&v=4"},"commit":{"message":"Onboard packit tests","shortMessageHtmlLink":"Onboard packit tests"}}],"hasNextPage":true,"hasPreviousPage":false,"activityType":"all","actor":null,"timePeriod":"all","sort":"DESC","perPage":30,"cursor":"djE6ks8AAAAEdOOEXwA","startCursor":null,"endCursor":null}},"title":"Activity · rpm-software-management/libdnf"}